5 MINUTES

GitHub Action Setup

Scan every push and pull request automatically. Results appear in GitHub's Security tab.

Step 1: Create workflow file

Create .github/workflows/vexlit.yml in your repository:

.github/workflows/vexlit.yml
name: VEXLIT Security Scan

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v4

      - name: Run VEXLIT Scan
        uses: vexlit/action@v1
        with:
          fail-on: high
          upload-sarif: true

Step 2: Understand the inputs

Configure the action to match your workflow:

  • paths: Directories to scan (default: entire repo)
  • fail-on: Minimum severity to fail the build: critical, high, medium, low, none
  • format: Output format: sarif (default), json, table
  • upload-sarif: Upload results to GitHub Security tab (default: true)

Step 3: View results in GitHub

After the first run, results appear in two places:

  • Security tab → Code scanning alerts — full vulnerability list with file links
  • Pull request checks — inline annotations on vulnerable lines

Step 4: Advanced configuration

Scan only specific directories or use a custom config file:

.github/workflows/vexlit.yml
- name: Run VEXLIT Scan
  uses: vexlit/action@v1
  with:
    paths: src/,lib/
    fail-on: medium
    format: sarif
    upload-sarif: true

Step 5: PR comment integration

Connect your GitHub repository on the web dashboard to enable:

  • Automatic PR comments with vulnerability summary
  • "Fix All" button directly in PR comments
  • Auto-fix PR creation from dashboard

Step 6: REST API integration

Use the REST API to trigger scans from any CI/CD system, not just GitHub Actions:

# Trigger scan via API (the JSON body is single-quoted so the shell passes it intact)
curl -X POST -H "Authorization: Bearer $VEXLIT_API_KEY" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: $CI_BUILD_ID" \
  -d '{"project_id": "your-project-id"}' \
  https://vexlit.ai/api/v1/scan

# Check results (URL quoted so the shell does not treat "?" as a glob)
curl -H "Authorization: Bearer $VEXLIT_API_KEY" \
  "https://vexlit.ai/api/v1/scans?limit=1"

# Download SARIF
curl -H "Authorization: Bearer $VEXLIT_API_KEY" \
  "https://vexlit.ai/api/v1/scans/$SCAN_ID/sarif" -o results.sarif

Create API keys in Dashboard > API Keys. scan:create requires Team plan and team projects.
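
Outside GitHub Actions there is no fail-on input, so the pipeline has to apply the threshold itself to the results.sarif downloaded above. The following is an added example, not VEXLIT's code: it assumes the SARIF carries GitHub's security-severity rule property or, failing that, the standard SARIF level field; the function names, score bands, level mapping and sample document are constructed for illustration.

```python
import json
import sys

# Bands: GitHub's security-severity convention (assumed for this SARIF).
BANDS = [("critical", 9.0), ("high", 7.0), ("medium", 4.0), ("low", 0.1)]
ORDER = ["low", "medium", "high", "critical"]
LEVELS = {"error": "high", "warning": "medium", "note": "low"}  # assumed fallback
# Constructed sample, not real scanner output.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example", "rules": [
        {"id": "R1", "properties": {"security-severity": "9.1"}},
        {"id": "R2", "properties": {"security-severity": "5.0"}}]}},
    "results": [
        {"ruleId": "R1", "level": "error", "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 12}}}]},
        {"ruleId": "R2", "level": "warning"},
        {"ruleId": "R3", "level": "note"}]}]}

def severity_of(result, rules):
    """Severity name for one SARIF result, or None if it has none."""
    props = rules.get(result.get("ruleId"), {}).get("properties", {})
    try:
        score = float(props["security-severity"])
    except (KeyError, TypeError, ValueError):
        return LEVELS.get(result.get("level", "warning"))
    return next((name for name, floor in BANDS if score >= floor), None)

def gate(sarif, fail_on="high"):
    """Findings at or above fail_on, as (severity, ruleId, uri, line)."""
    if fail_on == "none":
        return []
    hits = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            sev = severity_of(res, rules)
            if sev and ORDER.index(sev) >= ORDER.index(fail_on):
                loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
                hits.append((sev, res.get("ruleId"),
                             loc.get("artifactLocation", {}).get("uri"),
                             loc.get("region", {}).get("startLine")))
    return hits

if __name__ == "__main__":
    with open(sys.argv[1]) as fh:  # e.g. results.sarif from the download step
        found = gate(json.load(fh), sys.argv[2] if len(sys.argv) > 2 else "high")
    print(*found, sep="\n")
    sys.exit(1 if found else 0)
```

Saved under a file name of your choice and run with the SARIF path and a threshold as arguments, it exits non-zero when any finding meets the threshold, which fails the CI step.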

Next Step

Set up team collaboration with role-based access and Jira integration.

Team Workflow →